Process isolation and permissions changing with sudo¶
Alternatively called “forking” is a feature of RKD similar to Gradle’s JVM forking - the task can be run in a separate Python’s process. This gives a possibility to run specific task as a specific user (eg. upgrade permissions to ROOT or downgrade to regular user)
RKD uses serialization to transfer data between processes - a standard
pickle library is used.
Pickle has limitations on what can be serialized - any inner-methods and lambdas cannot be returned by task.
To test if your task is compatible with running as a separate process simply add
--become=USER-NAME to the commandline of your task.
If it will fail due to serialization issue, then you will be notified with a nice stacktrace.
Technically the mechanism works on the task executor level, it means that process isolation is independent of the programming language as whole task’s execute() is ran in a separate process, even if task is declared in YAML and has Bash steps.
Permissions changing with sudo¶
YAML syntax allows to define additional attribute
become, that if defined then makes whole task to execute inside a separate
Python process ran with sudo.
Additionally the RKD commandline supports a per-task parameter
The mechanism is universal, it can be possibly used to sandbox, or even to execute tasks remotely. Currently we do not support such features but we do not say its impossible in the future.